Source Code Found in FTP Server

Tuesday, April 9, 2013 @ 04:04 PM gHale

There is an open FTP server in Taiwan containing source code for various versions of American Megatrends (AMI) BIOS and even the private signing key for Unified Extensible Firmware Interface (UEFI) updates.

“By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated & installed for the vendor’s products that use this ‘Ivy Bridge’ firmware. If the vendor used this same key for other products — the impact could be even worse,” said security expert Adam Caudill, who discovered the issue along with Brandon Wilson.

Trojan Gets Smarter, Goes Global
Bitcoin Services Under Attack
Skype Malware Helps Mine for Bitcoins
Live Kelihos Botnet Takedown

“This kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system’s security is an ideal scenario for covert information collection,” Caudill said on his blog.
Caudill said he notified AMI and the company in charge of the leaky FTP server.

AMI said the ‘vendor’ is a customer of AMI; it is this customer’s public FTP server that exposed this information, Caudill said.

AMI also said the signing key included in the ‘Ivy Bridge’ archive is a default test key; AMI instructs customers to change the key before building for a production environment. It’s not currently known if the customer was following recommended practices. In addition the ‘Ivy Bridge’ code was unmodified, meaning the customer had not made any alterations to this specific copy, Caudill wrote on his blog.

Leave a Reply

You must be logged in to post a comment.